
TrojanDownloader:QT/Waick.B


First posted on 10 September 2010.
Source: SecurityHome

Aliases :

TrojanDownloader:QT/Waick.B is also known as Exploit:Win32.QuickLoad.a (Kaspersky), Trojan horse Downloader.Generic_c.BOM (AVG), Mal/QTWaik-A (Sophos), TROJ_QUICKTM.A (Trend Micro).

Explanation :

TrojanDownloader:QT/Waick.B is an approximately 3.6 Mb QuickTime media file which, when opened by the QuickTime player, attempts to social engineer users into downloading and executing malicious files from remote sites.

TrojanDownloader:QT/Waick.B is a trojan downloader QuickTime media file, approximately 3.6 Mb in size, that, when opened by the QuickTime media player, attempts to social engineer users into downloading and executing malicious files from remote sites.

Installation

TrojanDownloader:QT/Waick.B may be encountered as a file attachment to an email message or be distributed through newsgroups, peer-to-peer (P2P) or file sharing services such as Rapidshare, eMule or BitTorrent.

Payload

Downloads arbitrary files

When the file is opened by the QuickTime media player, the player is instructed to open a web page from a remote website such as "play.me<snipped>ler.com". The web page masquerades as a valid codec installer service and instructs the user to download and run a malicious application named "access.exe". Simultaneously, the QuickTime player displays "Please install Media Song Player", which is intended to make it even more enticing for users to download and execute the executable.

At the time of this writing, the executable is detected as Trojan:Win32/BHO.LO.

Additional Information

It is interesting to note that the page advertises a Windows Media Player codec; it is possible that the same page was intended for use in social engineering schemes involving WMV files.
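A triage sketch for the payload behaviour described above, added here as an example and not part of the original analysis: it walks the atoms of a QuickTime file and lists every http(s) URL together with the atom that holds it, so an analyst can see which remote site a media file references without opening it in a player. It assumes the URL is stored as plain ASCII, which the write-up does not state; the sample bytes and the `example.invalid` host are constructed.

```python
import re
import struct

# QuickTime atoms that only hold other atoms.
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta", b"edts", b"dinf"}
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&()*+,;=%-]+")

def walk_atoms(buf, start=0, end=None, path=""):
    """Yield (path, payload) for each leaf atom; payload is a bytes slice."""
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1 and pos + 16 <= end:   # 64-bit size follows the type
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                     # atom runs to the end of its parent
            size = end - pos
        if size < header:
            break                           # malformed header: stop, do not guess
        size = min(size, end - pos)         # truncated file: scan what is present
        name = path + "/" + kind.decode("latin-1")
        if kind in CONTAINERS:
            yield from walk_atoms(buf, pos + header, pos + size, name)
        else:
            yield name, buf[pos + header:pos + size]
        pos += size

def find_urls(buf):
    """Return sorted (atom_path, url) pairs for every URL found in the file."""
    hits = set()
    for path, payload in walk_atoms(buf):
        for match in URL_RE.finditer(payload):
            hits.add((path, match.group().decode("ascii")))
    return sorted(hits)

def atom(kind, payload):
    """Build one atom; used only to construct the sample below."""
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

# Constructed sample, not taken from the real file: the URL sits in media data.
SAMPLE = (atom(b"ftyp", b"qt  ")
          + atom(b"moov", atom(b"trak", atom(b"mdia", atom(b"hdlr", b"\0" * 24))))
          + atom(b"mdat", b"\0\0http://codec.example.invalid/install\0" + b"\0" * 8))

if __name__ == "__main__":
    for path, url in find_urls(SAMPLE):
        print(f"{path}: {url}")
```

A URL reported in a media file that should contain only audio or video is worth checking against proxy or DNS logs before the file is released to a user.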

Analysis by Oleg Petrovsky

Last update 10 September 2010

 
